hxxps://www[.]mediafire[.]com/file/g68w4wgpwx6lzmv/AutoReporterV2[.]zip/file

Resubmissions

07/09/2024, 16:05

240907-tjrepstgqa 8

07/09/2024, 16:04

240907-th4zeasamk 3

Analysis

max time kernel
58s
max time network
58s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/g68w4wgpwx6lzmv/AutoReporterV2.zip/file

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133701986811628846"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{43FC157C-AF29-4B25-A2C6-8DD9BBE04A24}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1972	chrome.exe
1972	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3720 wrote to memory of 1884	3720	msedge.exe	107
PID 3720 wrote to memory of 1884	3720	msedge.exe	107
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 2572	3720	msedge.exe	110
PID 3720 wrote to memory of 3348	3720	msedge.exe	111
PID 3720 wrote to memory of 3348	3720	msedge.exe	111
PID 3720 wrote to memory of 2476	3720	msedge.exe	113
PID 3720 wrote to memory of 2476	3720	msedge.exe	113
PID 3720 wrote to memory of 2476	3720	msedge.exe	113
PID 3720 wrote to memory of 2476	3720	msedge.exe	113
PID 3720 wrote to memory of 2476	3720	msedge.exe	113
PID 3720 wrote to memory of 2476	3720	msedge.exe	113
PID 3720 wrote to memory of 2476	3720	msedge.exe	113
PID 3720 wrote to memory of 2476	3720	msedge.exe	113
PID 3720 wrote to memory of 2476	3720	msedge.exe	113

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/g68w4wgpwx6lzmv/AutoReporterV2.zip/file
1⤵
PID:244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3864,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:1
1⤵
PID:2380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4352,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:1
1⤵
PID:2980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5384,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=5268 /prefetch:8
1⤵
PID:1408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5392,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:8
1⤵
PID:2996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=6032,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=6024 /prefetch:1
1⤵
PID:4492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ff830aad198,0x7ff830aad1a4,0x7ff830aad1b0
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2304,i,14167868382364667699,4011398632967341510,262144 --variations-seed-version --mojo-platform-channel-handle=2300 /prefetch:2
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1924,i,14167868382364667699,4011398632967341510,262144 --variations-seed-version --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2244,i,14167868382364667699,4011398632967341510,262144 --variations-seed-version --mojo-platform-channel-handle=3560 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4448,i,14167868382364667699,4011398632967341510,262144 --variations-seed-version --mojo-platform-channel-handle=4476 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4448,i,14167868382364667699,4011398632967341510,262144 --variations-seed-version --mojo-platform-channel-handle=4476 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=560,i,14167868382364667699,4011398632967341510,262144 --variations-seed-version --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4536,i,14167868382364667699,4011398632967341510,262144 --variations-seed-version --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=3368,i,14167868382364667699,4011398632967341510,262144 --variations-seed-version --mojo-platform-channel-handle=3340 /prefetch:8
  2⤵
  PID:5200

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
1⤵
PID:64

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff83668cc40,0x7ff83668cc4c,0x7ff83668cc58
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,10861909787042193038,5791633133523510994,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2076,i,10861909787042193038,5791633133523510994,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,10861909787042193038,5791633133523510994,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,10861909787042193038,5791633133523510994,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3400,i,10861909787042193038,5791633133523510994,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3724,i,10861909787042193038,5791633133523510994,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3692 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4916,i,10861909787042193038,5791633133523510994,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4940,i,10861909787042193038,5791633133523510994,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4452,i,10861909787042193038,5791633133523510994,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:5240

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2128

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1752cdcca3512d9c0cd659d7067cecbc

SHA1
0d115499812dda5ca617b4d3df8c531f9bcb1283

SHA256
e9464b04b5e3befc6caee86b0596a5c80b0806916c361e1e242f43522d8a802c

SHA512
72b2b24fd3a57d67571c399a36522be8757f5f45b171ea97865943c10433901aed6264cceacc4315679bcd1a830c2e81f16e5035c4bb0782ced90677ee27f2d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6fbe5fca06a8232388c75225de3f3d60

SHA1
2556c79f96cc85ce84f5f37724e558561b0a91dd

SHA256
cab0100921701c5cb0134df80fcbb9b95b50e208e6e4a2f67a91598f1e7d6728

SHA512
b9e860e3a106306f2b66c5a905fa1a40fb052feb58b2765c0208f19aabfd683f6f3088ecbcc33c51e6b067157ffc4333f1737188e757081c549ef860c85add36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
af6db5055eca40373baea1cfb9554645

SHA1
a718222e139c9c93709631aa1f9e1b2ef738afa2

SHA256
88e052c557593082d840f4b05e56cd8cd9b917b52314ffa291aa3adaf4b9dca6

SHA512
a5251ad3aa6d3cfc0ffa3d71fe2f69dd955af0a2c4300a840a94337b04203d5b4e5d738894e88dab8cfd10b103ebcd62991993ccf49a5f99bb81ad77601cf799

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ef388531c4c2a7b855c80fe2d9eac929

SHA1
7291b84088cd793b3c17e90ac0a7a85d219602b8

SHA256
544e9016552f71d47b3b4f027c7ed52e7818eff2927e857b596c299340265dd1

SHA512
25aad7e79b616217de453ce1d134a589d8587b492dc73c057106658fd591f22e838e620fd58086f2d3ba015a0e623835ac750c98e3e86f09d00fb1188919cf80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d71d3cac-7b82-40a6-8233-4bbf686d031e.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
4cea0971623c368ca65ee8397819a922

SHA1
c44ea0c2fb1160e3bebb6ab3881287d8308b4f25

SHA256
a598b8be969952a4f123b6ee7c1db39e51ccd09b479319e738b2b0ea8098e0a8

SHA512
d4a69f931bd110db41ed89babe73d132346052bf5449c302ff70a6910632d1763340e68d4ca583f8cf3b5b32350ed7c02398eb7d0b4ffc64f6786d494d41c976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
cc6b8687e8031e4b276d2f36bcdabe76

SHA1
fe87c0fcddcc6f4edb3b7c0f6fca936244b59849

SHA256
8d0e79f19dac428b4f2b2ed84a219e19842ed6bd1b39c4518d034f4e7c278c96

SHA512
c7e795cfeadc897968aa211b8aa1d34da776f20525dac043ef79e42997e343e6f3d3e8daef50dc8818d1bbbd0735bb2c32f799f8fb927d4b4df54df9aff62cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
640d7e78a0ac1617318be6e33c276bad

SHA1
2ab0df5a4825ed5a5d4a383420670db7fc2c5e68

SHA256
753edda297ce14c64046a4ff91a85033230e3319d238b32576a09320e499e216

SHA512
a2957af19707c457591843b840a69788d0a2f20323324adcb26934c27760b64354098c82303bde450a8edd26febab627b1546f35923af4d40713e45a2e9a0936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
297c63db85fdc40be40db22abf24c20f

SHA1
10fc6905e9dde6419433f065086a075aefee0279

SHA256
7f700deffd1ab924771fef2392e2a7a992c1dd1db0c2521e63232d1962e3bcfb

SHA512
31893324c808d001e34923c317708dab7c1ce374c5125c4fdefcc3374dd54fa99bacfc9b2170c814bc31bc538f47d33d2f1f0aa47a3134580343cfc12d900792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
ecad680a87fcf80f22f084dc3fae77e3

SHA1
34002118c51d872126b80531bef3e34f36e0c26b

SHA256
b1fbcc821935142aa4517b329982fa0e690d5baf4728a3d978595a4ed2f25c9b

SHA512
568588d5ca083686c4a39c30f245e0e898cf1398c442b453cd3ad5c3ec8d3ef4be3eceff20130ee3e94a20271f5411109a1b746433f64c036557d8cf28080cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e52b5a79-6762-4c47-ade1-c419499cb6ee.tmp

Filesize
50KB

MD5
12dd20ef165c389977d521c2d42b8a13

SHA1
ed80dca13edf7c47254a9c611e8b0eb0ec6f28c5

SHA256
f8ecb4c2477325a304ed722e53753d869dfd42a1066c83f7854d7c0ca52392c2

SHA512
31d54c03259d94891d07c52a0ab43bd12ef11bd8f56990a5102c7436b53610c0294258417a444cc8d270bee5b76c7b229c41131f555bbd19401e79370e78cd5c

Download Submit